﻿using System;
using System.Security.Cryptography;

namespace TempStorage
{
	/// <summary>
	///     Salted password hashing with PBKDF2-SHA1.
	///     Author: havoc AT defuse.ca
	///     www: http://crackstation.net/hashing-security.htm
	///     Compatibility: .NET 3.0 and later.
	/// </summary>
	public static class PasswordHashHelper
	{
		// The following constants may be changed without breaking existing hashes.
		private const int SALT_BYTE_SIZE = 24;
		private const int HASH_BYTE_SIZE = 24;
		private const int PBKDF2_ITERATIONS = 1000;

		private const int ITERATION_INDEX = 0;
		private const int SALT_INDEX = 1;
		private const int PBKDF2_INDEX = 2;

		/// <summary>
		///     Creates a salted PBKDF2 hash of the password.
		/// </summary>
		/// <param name="password">The password to hash.</param>
		/// <returns>The hash of the password.</returns>
		public static string CreateHash(string password)
		{
			// Generate a random salt

			var salt = new byte[SALT_BYTE_SIZE];
			using (var csprng = new RNGCryptoServiceProvider())
			{
				csprng.GetBytes(salt);
			}

			// Hash the password and encode the parameters
			var hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
			return PBKDF2_ITERATIONS + ":" +
					Convert.ToBase64String(salt) + ":" +
					Convert.ToBase64String(hash);
		}

		/// <summary>
		///     Validates a password given a hash of the correct one.
		/// </summary>
		/// <param name="password">The password to check.</param>
		/// <param name="correctHash">A hash of the correct password.</param>
		/// <returns>True if the password is correct. False otherwise.</returns>
		public static bool ValidatePassword(string password, string correctHash)
		{
			if (password == null) throw new ArgumentNullException("password");
			if (correctHash == null) throw new ArgumentNullException("correctHash");

			// Extract the parameters from the hash
			char[] delimiter = {':'};
			var split = correctHash.Split(delimiter);
			var iterations = int.Parse(split[ITERATION_INDEX]);
			var salt = Convert.FromBase64String(split[SALT_INDEX]);
			var hash = Convert.FromBase64String(split[PBKDF2_INDEX]);

			var testHash = PBKDF2(password, salt, iterations, hash.Length);
			return SlowEquals(hash, testHash);
		}

		/// <summary>
		///     Compares two byte arrays in length-constant time. This comparison
		///     method is used so that password hashes cannot be extracted from
		///     on-line systems using a timing attack and then attacked off-line.
		/// </summary>
		/// <param name="a">The first byte array.</param>
		/// <param name="b">The second byte array.</param>
		/// <returns>True if both byte arrays are equal. False otherwise.</returns>
		private static bool SlowEquals(byte[] a, byte[] b)
		{
			var diff = (uint) a.Length ^ (uint) b.Length;
			for (var i = 0; i < a.Length && i < b.Length; i++)
				diff |= (uint) (a[i] ^ b[i]);
			return diff == 0;
		}

		/// <summary>
		///     Computes the PBKDF2-SHA1 hash of a password.
		/// </summary>
		/// <param name="password">The password to hash.</param>
		/// <param name="salt">The salt.</param>
		/// <param name="iterations">The PBKDF2 iteration count.</param>
		/// <param name="outputBytes">The length of the hash to generate, in bytes.</param>
		/// <returns>A hash of the password.</returns>
		private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
		{
			using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt))
			{
				pbkdf2.IterationCount = iterations;
				return pbkdf2.GetBytes(outputBytes);
			}
		}
	}
}